[llvm-dev] Segfault after compiling wget with dfsan

Tianyi Chen via llvm-dev llvm-dev at lists.llvm.org
Sun Apr 12 12:00:16 PDT 2020


I concluded my investigation, and the reason looks like dfsan breaks the
strchr function, as previously reported here:
https://bugs.llvm.org/show_bug.cgi?id=22392

The following is the gdb log. For the build without dfsan, strchr enters
the implementation; for the build with dfsan, the function was just skipped.

==================================
(gdb) b strpbrk_or_eos
Breakpoint 1 at 0x440f00: file url.c, line 633.
(gdb) r www.google.com
Starting program: /tmp/wget-1.19.5/src/wget www.google.com
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, strpbrk_or_eos (s=0x68f547 "www.google.com",
    accept=0x684bc8 <init_seps.seps> ":/?#") at url.c:633
633  char *p = strpbrk (s, accept);
(gdb) n
634  if (!p)
(gdb) p p
$2 = 0x0
(gdb) step
635    p = strchr (s, '\0');
(gdb) p p
$3 = 0x0
(gdb) step
__strchr_sse2 () at ../sysdeps/x86_64/multiarch/../strchr.S:24
24 ../sysdeps/x86_64/multiarch/../strchr.S: No such file or directory.
(gdb)

============== With dfsan ==================

(gdb) b strpbrk_or_eos
Breakpoint 1 at 0x1938ec: file url.c, line 633.
(gdb) r www.google.com
Starting program: /tmp/wget-1.19.5-dfsan/src/wget www.google.com
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, strpbrk_or_eos (s=0x555555c6e577 "www.google.com",
    accept=0x555555a525a8 <init_seps.seps> ":/?#") at url.c:633
633  char *p = strpbrk (s, accept);
(gdb) n
634  if (!p)
(gdb) p p
$1 = 0x0
(gdb) step
635    p = strchr (s, '\0');
(gdb) p p
$2 = 0x0
(gdb) step
636  return p;
(gdb)

On Fri, Apr 3, 2020 at 4:53 PM Tianyi Chen <tchen025 at usc.edu> wrote:

> Hi all,
>
> I was trying to compile dfsan with wget. (Just enabling the dfsan feature,
> without actually making changes to the source code) Without dfsan, I am
> able to compile and run wget 1.19.5 (available at
> https://ftp.gnu.org/gnu/wget/wget-1.19.5.tar.gz). But when compiled with
> dfsan, it encountered a null pointer dereference error.
>
> Following an old post:
> http://lists.llvm.org/pipermail/cfe-dev/2014-May/037160.html . I was
> trying to use a blacklist for openssl functions.
>
> My commands are:
> export CC="clang -g -fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt"
> export LDFLAGS="-fsanitize=dataflow -fsanitize-blacklist=/tmp/openssl-list.txt"
> ./configure --with-ssl=openssl
> make
>
> I've tried with clang 9,10, and the nightly build of 11 today.
>
> The error is:
> when trying to run "src/wget www.google.com"
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00005555556de113 in url_parse (url=0x555555c47550 "http://www.google.com",
>     error=0x7fffffffdb30, iri=0x555555c442f0 <dummy_iri>, percent_encode=true)
>     at url.c:837
> 837  if (*p == ':')
> and p is a null pointer.
>
> I am not sure if this is because I misused the dfsan or for some other
> reason, any ideas?
>
> Attached is the fsanitize-blacklist I've used.
>
> Thanks,
> Tianyi
>
>
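The following is an added example, not part of the thread and not wget's or dfsan's own code. It reproduces the strpbrk_or_eos() pattern from wget's url.c (lines 633-636 in the gdb log above) with the strchr implementation made a parameter, and adds a check for the contract the function silently relies on: strchr(s, '\0') must return a pointer to the terminator, so strpbrk_or_eos() can never return NULL. The "model" strchr is a constructed stand-in for a wrapper that treats reaching the terminator as "not found" (the behaviour the gdb log shows, where p stays NULL after the strchr line); it is not dfsan's source. Building this file with plain clang/gcc exercises libc; building it with clang -fsanitize=dataflow routes the strchr call through dfsan's own wrapper instead, so strchr_terminator_ok(strchr_libc) then checks the real thing without needing wget.

```c
/* Added example: models the strchr(s, '\0') edge case behind the wget
 * segfault. Not wget's or dfsan's code; the buggy strchr is a constructed
 * model of the observed behaviour, not the sanitizer's implementation. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef char *(*strchr_fn)(const char *s, int c);

/* Thin wrapper so libc's strchr fits the function-pointer type. */
char *strchr_libc(const char *s, int c)
{
    return strchr(s, c);
}

/* Constructed model of a broken wrapper: returns NULL whenever the scan
 * reaches the terminator, even when the caller asked for '\0'. */
char *strchr_model_bug(const char *s, int c)
{
    for (size_t i = 0;; ++i) {
        if (s[i] == (char)c || s[i] == '\0')
            return s[i] == '\0' ? NULL : (char *)(s + i);
    }
}

/* Same logic as wget 1.19.5 url.c:633-636, with strchr injectable. */
char *strpbrk_or_eos(const char *s, const char *accept, strchr_fn sc)
{
    char *p = strpbrk(s, accept);
    if (!p)
        p = sc(s, '\0');
    return p;
}

/* Variant that does not depend on strchr honouring c == '\0': the end of
 * the string is computed with strlen, so the result is never NULL. */
char *strpbrk_or_eos_nodep(const char *s, const char *accept)
{
    char *p = strpbrk(s, accept);
    return p ? p : (char *)s + strlen(s);
}

/* Check: returns 1 if sc(s, '\0') points at the terminator, 0 otherwise. */
int strchr_terminator_ok(strchr_fn sc)
{
    const char *s = "www.google.com";   /* constructed input, as in the thread */
    char *p = sc(s, '\0');
    return p != NULL && p == s + strlen(s) && *p == '\0';
}

/* Returns 1 when strpbrk_or_eos would hand url_parse a NULL p, which is
 * the precondition for the crash at url.c:837 (`if (*p == ':')`). */
int eos_returns_null(const char *s, const char *accept, strchr_fn sc)
{
    return strpbrk_or_eos(s, accept, sc) == NULL;
}

int main(void)
{
    const char *host = "www.google.com";  /* no separator: strpbrk fails */
    const char *seps = ":/?#";            /* init_seps.seps from the log */

    printf("libc  strchr honours '\\0': %d\n", strchr_terminator_ok(strchr_libc));
    printf("model strchr honours '\\0': %d\n", strchr_terminator_ok(strchr_model_bug));
    printf("strpbrk_or_eos NULL with libc:  %d\n", eos_returns_null(host, seps, strchr_libc));
    printf("strpbrk_or_eos NULL with model: %d\n", eos_returns_null(host, seps, strchr_model_bug));
    printf("nodep variant ends at terminator: %d\n",
           *strpbrk_or_eos_nodep(host, seps) == '\0');
    return 0;
}
```

The input matters: "www.google.com" contains none of ":/?#", so strpbrk() legitimately returns NULL and the whole result rests on the strchr(s, '\0') fallback; a URL with a separator never reaches that path, which is why the failure only shows up for a bare host name.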